METHOD FOR TRANSFERRING MPOA PACKET



BACKGROUND OF THE INVENTION 



Field of the Invention 

The present invention relates to a method for transferring a Multi- 
Protocol Over Asynchronous Transfer Mode (hereinafter called MPOA) 
address request packet received by a conventional MPOA server to the other 
MPOA server or to the other MPOA client. 

Background Art 

The conventional Multi-Protocol Over Asynchronous Transfer Mode 
(hereinafter, called MPOA) is a communication mode used on an ATM network
using existing protocols such as an Internet Protocol (IP), an Internetwork 
Packet Exchange (IPX), as specified by the version 1.0 (AF-MPOA-0087.00, 
ATM Forum). 

However, in such a conventional packet transfer method, since a source 
layer 3 address of a data packet which is desired to be short cut is not 
included in the MPOA address resolution request packet, a problem has been 
encountered that, when the MPOA server receives the MPOA address 
resolution request packet, the MPOA server can not determine based on the 
layer 3 packet filter information whether or not the MPOA address resolution 
request packet is to be forwarded to the other MPOA server or the other
MPOA client. Moreover, since the above-described source layer 3 address is
not included, the MPOA server can not check whether or not it is the desired
MPOA address resolution request. Thus, even when an address resolution
request is transmitted from an MPOA client, triggered by a data
communication from an undesired source, another problem encountered is
that when such an MPOA address resolution request is processed by a
normal procedure, there is a possibility that an undesirable short cut path
will be established.

For example, as shown in Fig. 7, it is assumed that the data
communication is started from a terminal 700 to another terminal 701. If no
layer 3 packet filter information is set in an MPOA server 500 or in another
MPOA server 501, the data packet from the terminal 700 arrives at the
terminal 701 through a router 800, an MPOA client 600, MPOA servers 500
and 501, and an MPOA client 601. When a data flow to the terminal 701 is
detected at the MPOA client 600, the MPOA client 600 sends an MPOA
address resolution request packet to the MPOA server 500. This MPOA
address resolution request packet is forwarded through the MPOA servers
500 and 501 to the MPOA client 601, and the reply for the request packet is
forwarded through the MPOA client 601 and the MPOA servers 501 and 500,
to the MPOA client 600, so that the MPOA client 600 learns the ATM address
of the MPOA client 601. When a short cut path is established from the
MPOA client 600 to the MPOA client 601, the data packet sent from the
terminal 700 to the terminal 701 is forwarded through the terminal 700, the
router 800, and the MPOA clients 600 and 601 to the terminal 701.

In contrast, if a rule such as "the data packet from a subnet X is not 
permitted to reach a subnet C" is configured, the data packet from the 
terminal 700 addressed to the terminal 701 will be discarded by the layer 3 
function portion of the MPOA server 500 or 501 based on the layer 3 packet 
filter information, while if the MPOA client is not provided with a short cut 
path, the data packet from the terminal 700 is forwarded through the router 
800 and the MPOA client 600 to the MPOA servers 500 and 501.

However, in that period, since a data flow to the terminal 701 is 
detected in the MPOA client 600, the MPOA client 600 sends an MPOA
address resolution request packet to the MPOA server 500. This address 
resolution request packet is forwarded through the MPOA servers 500 and 
501 to the MPOA client 601, and the reply for the request is forwarded 
through the MPOA client 601 and the MPOA servers 500 and 501 to the 
MPOA client 600, so that the MPOA client 600 can learn the ATM address of 
the MPOA client 601. Thereby, the MPOA client 600 establishes a short cut 
path to the MPOA client 601, and thereafter the data packet sent from the 
terminal 700 to the terminal 701 is forwarded through the terminal 700, the 
router 800, the MPOA clients 600 and 601, to the terminal 701. 
Consequently, a serious security problem arises that a data packet, which 
should be originally discarded, arrives at the terminal 701 through the short 
cut path developed by the above process. 
SUMMARY OF THE INVENTION
It is therefore an objective of the present invention to provide a method
capable of determining whether or not the address can be resolved based on
the layer 3 packet filter information and capable of prohibiting establishment
of an undesirable short cut path.

According to the first aspect, a method for transferring MPOA packets 
in an ATM network comprises a step for an MPOA server which has received 
an address resolution request packet from an MPOA client for determining 
whether or not said address resolution request packet is to be forwarded to
the other MPOA server or the other MPOA client based on layer 3 packet 
filter information. 

According to the second aspect, in the method for transferring MPOA 
packets according to the first aspect, the method comprises the step for said
MPOA client of transmitting a source layer 3 address of the data packet that
is to be a short cut by adding to an extension of the MPOA address resolution
request packet, while the MPOA server determines whether or not said
MPOA address resolution request packet is to be forwarded to the other
MPOA server or the other MPOA client based on said source layer 3 address
placed in the extension and the destination layer 3 address in the MPOA
address resolution request packet received from said MPOA client, after 
being verified by the layer 3 packet filter information. 

According to the third aspect, in the method for transferring MPOA 
packets according to the first aspect, the method comprising the step for
said MPOA client of: 

notification by the MPOA packet processor of the MPOA address 
resolution request operation and source layer 3 address information to the 
source layer 3 address extension processor;

judging by the source layer 3 address extension processor which has 
received the notification about whether or not the outer instruction directs 
that the source layer 3 address be included in the MPOA packet extension, 
and when the answer is yes, to make the MPOA packet extension include the 
source layer 3 address; and

transmitting by the client MPOA packet transmitting portion the 
MPOA address resolution request packet with the MPOA packet extension 
added at said client MPOA packet processor to an MPOA server. 

According to the fourth aspect, in the method for transferring MPOA 
packets according to the first aspect, the method comprising the step for said
MPOA server of: 

receiving by the MPOA packet receiving portion the MPOA address 
resolution request packet from said MPOA client; 

checking by the server MPOA packet processor about whether or not the 
source layer 3 address is included in the received MPOA address resolution
request packet, and 

when included, obtaining by the server MPOA packet processor the 
source layer 3 address and the destination layer 3 address; 



retrieving by the layer 3 filter retrieving portion the layer 3 filter 
information using said source layer 3 address and the destination layer 3 
address as the key, and judging by said server MPOA packet processor about 
whether or not to permit passing the filter; and directing the execution of 
error processing, when not permitted or directing the execution of processing 
for forwarding the received MPOA address resolution packet to the other 
MPOA server or the other MPOA client. 

According to the fifth aspect, in the method for transferring MPOA 
packets according to the fourth aspect, the error processing is a process for 
transmitting, toward the MPOA client, the MPOA packet which indicates that
the address resolution has failed.

BRIEF DESCRIPTION OF THE DRAWINGS 
Fig. 1 is a block diagram showing a structure of the MPOA client that 
carries out a method of the present invention for transferring an MPOA 
packet. 

Fig. 2 is a block diagram showing a structure of an MPOA server that 
carries out a method of the present invention for transferring an MPOA
packet. 

Fig. 3 is a flow chart showing operations of the MPOA client shown in
Fig. 1.

Fig. 4 is a flow chart showing operations of the MPOA server shown in
Fig. 2.



Fig. 5 is a format diagram showing an extension of the MPOA packet of 
the present invention for holding the source layer 3 address. 

Fig. 6 is a format diagram showing the other extension of the MPOA 
packet of the present invention for holding the source layer 3 address. 

Fig. 7 is a block diagram showing the conventional MPOA packet 
transfer system. 

DETAILED DESCRIPTION OF THE INVENTION 
[First Embodiment] 

Hereinafter, the first embodiment of the present invention will be 
described with reference to attached drawings. 

Fig. 1 is a diagram showing a structure of an MPOA client for carrying
out a method of the present invention for transferring an MPOA packet.
The MPOA client comprises a client MPOA packet processor 11, a source
layer 3 address extension processor 12, and a client MPOA packet
transmitting portion 13, which are connected as shown in Fig. 1. The
client MPOA packet processor 11 functions so as to receive from the outside
an instruction to start MPOA address resolution processing. The source
layer 3 address extension processor 12 functions so as to be able to receive
from the outside an instruction indicating whether or not the source layer 3
address is included in the extension of the MPOA packet.

Fig. 2 is a block diagram showing a structure of the MPOA server 20, 
which comprises an MPOA packet receiving portion 21, a server MPOA 
packet processor 22, a layer 3 filter retrieving portion 23, and a server MPOA
packet transmitting portion 24, which are connected as shown in Fig. 2. The
layer 3 filter retrieving portion 23 functions so as to receive from the outside
the layer 3 filter information. Layer 3 filter information denotes
information for determining whether or not a data packet is permitted to
pass through, based on key factors of a source layer 3 address (or a subnet
number) and a destination layer 3 address (or a subnet number). For
example, such information may be "A data packet, in which the source layer 3
address belongs to the subnet X and the destination layer 3 address belongs
to the subnet Y, is not permitted to pass through". This layer 3 filter
information is suitably configured by an administrator of the MPOA server.
It should be noted that Figs. 1 and 2 only depict the portion for realizing the
function of this invention, and other functional portions constituting the
MPOA server or the MPOA client are not depicted.

Next, an operation is described in detail with reference to Figs. 3 and 4.

Fig. 3 is a flow chart showing a procedure for processing data in the
MPOA client. First, the client MPOA packet processor 11 starts the
operation (Step 100) by an instruction from the outside (for example, an
instruction from a functional portion which detects that the data packet is
continuously transmitted), and notifies the source layer 3 address extension
processor 12 to start an MPOA address resolution request operation. At this
time, the source layer 3 address extension processor 12 (step 101) is informed
of transmission layer 3 address information. The source layer 3 address
extension processor 12 judges whether or not the outside instruction directs
that the source layer 3 address be included in the extension of the
MPOA packet (step 102). It is also possible for a user to execute an
instruction using any applicable commands.

When the result of the above judgement is that "the instruction directs 
that the source layer 3 address be included", the extension of the MPOA 
packet including the source layer 3 address is prepared (step 103), and the
client MPOA packet processor 11 is notified of this. The client MPOA
packet processor 11 adds the extension of the MPOA packet prepared by the 
source layer 3 address extension processor 12 to the MPOA address 
resolution request packet (step 104). In contrast, when the result of the 
above judgement is that "the instruction directs that the source layer 3 
address not be included", nothing is done. The client MPOA packet 
processor 11 delivers the MPOA address resolution request packet to the 
client MPOA packet transmitting portion 13, the client MPOA packet 
transmitting portion 13 transmits the MPOA address resolution request 
packet to the MPOA server (step 105), and the routine ends (step 106). 

Next, Fig. 4 shows a flow chart of a data processing procedure in the 
MPOA server. First, the procedure starts by receiving the MPOA address 
resolution request packet from the MPOA packet receiving portion 21 (step 
200), and the MPOA packet receiving portion 21 delivers the MPOA address 
resolution request packet to the server MPOA packet processor 22 (step 201). 
The server MPOA packet processor 22 checks whether or not the source layer 
3 address is included in the received MPOA address resolution request packet
(step 202). When the check indicates that the source layer 3 address is 
included, the source layer 3 address and the destination layer 3 address 
which is an object of the address resolution are derived from the MPOA 
address resolution request packet for delivery to the layer 3 filter retrieving 
portion 23. 

The layer 3 filter retrieving portion 23 retrieves the layer 3 filter
information using those two received layer 3 addresses, determines whether
or not passage through the filter is permissible (step 203), and the server
MPOA packet processor 22 is informed of the result. The server MPOA
packet processor 22 judges whether the information from the layer 3 filter
retrieving portion 23 is "permissible" or "not permissible" (step 204). If "not
permissible", error processing is executed and the routine ends (step 206). If
the result is "permissible", processing is executed for forwarding the received
MPOA address resolution request packet to the other MPOA server or the
other MPOA client for delivery to the server MPOA packet transmitting
portion.

If the judgement result in the above-described step 202 is that the
source layer 3 address is not included, the received MPOA address resolution
request packet is processed for forwarding to the other MPOA server or to the
other MPOA client, and delivered to the server MPOA packet transmitting
portion 24. The server MPOA packet transmitting portion 24 transmits the
MPOA address resolution request packet received from the server MPOA
packet processor 22 toward the other MPOA server or the other MPOA client
(step 207) and the routine ends (step 208). The error processing described
above is processing, for example, that transmits an MPOA packet indicating
the failure of the address resolution to the MPOA client.

Fig. 5 shows examples of formats for the extension of the MPOA packet
for holding the source layer 3 address. In this example, "Vendor Private
Extension" of the MPOA control packet is used. The C field and u field are
set to 0. The Type field is set to 8, which indicates that this is the Vendor
Private Extension. The Length field is set to the length, in octets, from the
Vendor ID field to the Data Source Protocol Address field. The Vendor ID
field is set to, for example, 119 (decimal number) which represents the NEC
Corporation. The Sub ID field is set to a suitable number of a vendor for
distinguishing a project or a model of the same vendor. The Sub Type field is
set to a suitable function number of the present Vendor-Private Extension.
In this case, it is set to a number which represents the source layer 3 address
extension. The DSPA Len field is set to a length of the source layer 3
address which is stored in the next Data Source Protocol Address field. The
Data Source Protocol Address field is set to a source layer 3 address.
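
The Fig. 5 extension and the server decision of Fig. 4 (steps 202 to 207), sketched as an added example that is not part of the original patent text. The field widths (C and u bits plus a 14-bit Type, 16-bit Length, 3-octet Vendor ID, 1-octet Sub ID, Sub Type and DSPA Len), the Sub ID and Sub Type values, and the subnets in the deny rule are assumptions, since the figures are not reproduced here.

```python
import ipaddress
import struct

# Values stated in the text: Type 8 = Vendor Private Extension, Vendor ID 119.
EXT_TYPE_VENDOR_PRIVATE = 8
VENDOR_ID = 119
# Assumptions (not on the page): Sub ID / Sub Type values and all field widths.
SUB_ID = 1
SUB_TYPE_SRC_L3 = 1
# Constructed rule: "subnet X may not reach subnet C" as (source, destination).
DENY_RULES = [("10.1.0.0/16", "10.3.0.0/16")]


def build_source_ext(src_ip: str) -> bytes:
    """Client side (steps 103-104): encode the source layer 3 address extension."""
    addr = ipaddress.ip_address(src_ip).packed
    body = (VENDOR_ID.to_bytes(3, "big")
            + bytes([SUB_ID, SUB_TYPE_SRC_L3, len(addr)]) + addr)
    # C and u are 0, so the first 16 bits carry only the Type value.
    # Length covers Vendor ID through Data Source Protocol Address.
    return struct.pack("!HH", EXT_TYPE_VENDOR_PRIVATE, len(body)) + body


def parse_source_ext(ext: bytes):
    """Server side (step 202): return the source address, or None if not present."""
    if len(ext) < 4:
        return None
    first, length = struct.unpack("!HH", ext[:4])
    body = ext[4:4 + length]
    if (first & 0x3FFF) != EXT_TYPE_VENDOR_PRIVATE or len(body) != length or length < 6:
        return None
    if (int.from_bytes(body[:3], "big") != VENDOR_ID
            or body[3] != SUB_ID or body[4] != SUB_TYPE_SRC_L3):
        return None
    dspa_len = body[5]
    # DSPA Len must match the remaining bytes and be an IPv4 or IPv6 length.
    if dspa_len not in (4, 16) or 6 + dspa_len != length:
        return None
    return ipaddress.ip_address(body[6:6 + dspa_len])


def decide(ext, dst_ip: str, deny_rules=DENY_RULES) -> str:
    """Steps 202-207: filter lookup keyed by source and destination address."""
    src = parse_source_ext(ext) if ext else None
    if src is None:
        # Step 202 "not included": the request is forwarded without a filter check.
        return "forward"
    dst = ipaddress.ip_address(dst_ip)
    for src_net, dst_net in deny_rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return "error"  # step 206: report address resolution failure to the client
    return "forward"  # step 207
```

As in the text, a request that carries no source address extension is forwarded unfiltered, so the filter constrains only requests from clients that include the extension.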

Even when an MPOA client provided with the functions of the present 
invention transmits an MPOA address resolution request packet with the 
addition of the source layer 3 address to an MPOA server which is not 
provided with the function of the present invention, the MPOA server can 
execute processing without any hindrance. This is because the source layer
3 address is held in the extension of the MPOA packet. In addition, the
MPOA server having the function of this invention can execute processing 
without any hindrance even when it receives the MPOA address resolution 
request packet which is not provided with the function of the present 
invention. 

[Second Embodiment] 

Hereinafter, the second embodiment of the present invention is
described. This embodiment is provided for the MPOA client in adding the
source layer 3 address by defining a new "source layer 3 address extension"
as the regular extension of MPOA instead of using "Vendor Private
Extension". An example of the format of the extension is shown in Fig. 6.

As shown in Fig. 6, the C field and the u field are set to 0. The Type
field is set to a value (for example, 100f (hexadecimal number)) representing
that this is the extension of the source layer 3 address. The Length field is
set to a length from the DSPA Len field to the Data Source Protocol Address
field in octets. The DSPA Len field is set to a length of the source layer 3
address to be stored in the Data Source Protocol Address field. The unused
field is set to 0. The Data Source Protocol Address field is set to a source
layer 3 address. It is noted that the values shown above and the field names
of the packets are not limited to the above examples and any numbers and
names may be selected, and the present invention may be realized by
software, firmware, or hardware.

As described above, the present invention has the significant effect
that the source layer 3 address can be learned at each MPOA server, since an
MPOA client transmits an MPOA address resolution request packet with the
source layer 3 address in the extension; thereby it is possible to determine
whether or not the address resolution is permissible based on the layer 3
packet filter information at each MPOA server, using the source layer 3
address and the address of the data packet actually transferred through
the short cut path. Furthermore, since the MPOA server permits the
address resolution only when it is permitted by the layer 3 packet filter
information, the security of the packet transfer is improved.



